Codex skin safety

Codex skin safety begins with clear boundaries.

A theme should change the atmosphere—not your trust model. CodexSkin separates inert theme data from a reviewable engine and describes the remaining CDP risk without softening it.

01

Theme packages are inert

The format accepts a fixed manifest, JSON settings, WebP images, a rights notice and signature metadata. No JavaScript, shell commands, PowerShell, executables or arbitrary CSS.

02

The engine is separate

The current open-source engine contains the fixed injection behavior. You inspect it once instead of trusting executable code from every theme author.

03

Official files stay untouched

The documented engine does not patch the Codex app bundle, WindowsApps, app.asar or an official code signature.

04

Recovery is a product feature

The stock restore path is documented next to installation. When compatibility is uncertain, restore first and diagnose second.

The honest threat model

CDP is not a cosmetic API.

Chrome DevTools Protocol can inspect and alter a Chromium renderer. The community engine uses that ability to apply fixed visual behavior to Codex, but a malicious local process with access to the debugging endpoint could do more.

What reduces exposure

The documented engine binds to 127.0.0.1 rather than a network interface. It does not make the endpoint safe from other processes on your computer.

What you should do

Do not run untrusted local software while enhanced theming is active. Pause or restore the skin before testing unknown programs. Keep Codex and the engine updated.

What the project code promises

CodexSkin does not intentionally read or transmit conversations, project content, API keys, base URLs or provider settings. Review the source to verify that behavior for the version you install.

Package anatomy

Six files. No hidden runtime.

Rename a .dreamskin file to .zip and inspect it before applying. A local builder export is marked unsigned, with SHA-256 digests for its theme JSON and image.

my-skin.dreamskin/
├── manifest.json
├── theme.json
├── background.webp
├── preview.webp
├── LICENSE.txt
└── signature.json

Recovery sequence

If anything looks wrong, return to stock first.

  1. 1
    Quit the themed session

    Stop the current Dream Skin session and close Codex.

  2. 2
    Run the documented restore entry

    Use the restore action from the same inspected engine version—not a command copied from a theme file.

  3. 3
    Launch Codex normally

    Verify Home, Task and Diff without CDP before investigating compatibility.

  4. 4
    Report reproducible details

    Include platform, Codex version, engine commit and the surface that failed. Do not include conversations or credentials.

Found a security issue?

Email contact@codexskin.org with a minimal reproduction. Do not publish credentials, personal content or an active exploit.